Cypherock
  • Introduction
  • Design Decisions
    • The balance between security and convenience
    • Cypherock X1 Hardware architecture
      • Using ultrasonic welding for the X1 Vault enclosure
      • Encrypted NFC communication for X1 cards
      • Using Javacards instead of MicroSD
      • Choosing USB vs QR Code
      • Why the X1 cards are not upgradeable
    • Cypherock is BIP39 compliant
    • Private keys should be near to impossible to extract
    • Conflict between trusted parties should not result in unauthorized access
    • Using Shamir Secret Sharing vs. Multi-sig
      • How is Shamir Secret Sharing implemented within Cypherock X1
      • Why Cypherock has a default 2/5 threshold scheme
      • Rejected Key Schemes
    • PIN Protection on Cypherock X1
      • Difference between backing up your PIN vs. Seed Phrase
  • Security Overview
    • Introduction
    • Keylabs - Third Party Security Audit
    • Remote Attacks
    • Physical Attacks
      • $5 Wrench Attack
      • PIN Brute Force Attack
      • Evil Maid Attack
      • Flashing Malicious Firmware
      • Side Channel Attack
      • Supply Chain Attack
  • Cypherock X1 Features
    • Eliminate messy paper backups
    • Open source with secure elements
    • Use Cypherock as a seed phrase vault
    • All-in-one Portfolio Manager
  • Getting Started
    • Download cySync
    • Import Seed Phrase from existing BIP39 compatible wallet
    • Generate a new wallet with Cypherock X1
    • How Cypherock generates your 24-word seed phrase
    • Best practices in keeping your X1 cards secure
      • Use the protective card sleeves
      • Geographical Seperation
      • Choosing your guardians
    • How do I know I am not locked-in to using only Cypherock X1
    • How do I know my Cypherock X1 is genuine?
      • Email 2FA for Product Authentication
    • How to recover your Crypto assets in the case of loss or theft
    • What happens to my Cypherock X1 if Cypherock goes out of business?
Powered by GitBook
On this page

Was this helpful?

  1. Design Decisions

Using Shamir Secret Sharing vs. Multi-sig

Although multi-sig is very secure in its approach, there are drawbacks to it.

  • There is no standard implementation for multi-sig for different blockchains that support it. There are different implementations done by various organizations, some of them even close-sourced. Additionally, there are risks involved with on-chain protocol changes which should ideally remain unchanged.

  • In a multi-party multi-sig setup, there is a loss of privacy around funds amongst its various co-signers. So if a user has a third-party multi-sig co-signer, they can easily track the funds which paint a target on the fund’s owners.

  • There is support for multi-sig by only certain number of Blockchains currently. Multi-sig is not a universal solution and needs to be implemented for every Blockchain separately which reduces standardization. Additionally, they cannot be used for securing other digital assets like the SSH keys in a similar way.

  • There are higher costs associated with a multi-sig transaction as compared to a transaction done through a single key.

  • There is a limit to the number of co-signers that are possible in a multi-sig setup.

  • It is much more complex to change schemes. For example, if you are using a 3 of 5 multi-sig setup and one of the private keys get compromised, you have to generate a new multi-sig address with a new private key and uncompromised private keys, fetch at least 3 out of 5 devices, make a transaction to send it to the new multi-sig address and then keep them again in remote locations.

Shamir Secret Sharing (SSS) allows us to split a secret into n parts such that with any m-out-of-n pieces you can reconstruct the original secret, but with only m-1 pieces, no information is exposed about the secret. This allows the user to set up a safety threshold of ‘m’ number of pieces required. The original secret is decoded by the owners after reaching threshold parts using Lagrange polynomial. Method-wise it is very similar to Multi-sig, but SSS is carried out off-chain whereas Multi-sig is completely implemented on-chain. In multi-sig, different private keys contribute towards generating a multi-sig address, whereas, in SSS, a single private key is sharded into multiple parts. To balance between accessibility and security, SSS is more preferred for individuals whereas multi-sig is preferred more for enterprises.

There are some advantages of SSS which makes it superior to multi-sig:

  • Since the computation is done off-chain, hierarchical SSS can be implemented where SSS is applied on a cryptographic part itself. This enables multi-dimensional access control which is not possible in multi-sig. Due to an off-chain implementation, there is no risk of on-chain protocol changes.

  • Since SSS can be applied to any sensitive information, unlike multi-sig, standardized implementation is possible for securing any sensitive information which is not just limited to Blockchain private keys, server root keys, PGP/GPG certificates, etc.

  • Unlike multi-sig, SSS is Blockchain agnostic. The BIP39 seed phrase protection using SSS solved a single point of failure with private keys and allows securing any Blockchain private keys.

  • There is no loss of privacy if the co-signers do not know the public key in SSS.

  • Since the transaction is still carried out by a single private key, the transaction costs are comparatively lower.

  • There is no practical limit to the number of shares that can be generated using SSS.

  • It is comparatively far simpler to change schemes when using SSS. For example, if you are using a 3 out of 5 SSS setup and one of the shares get compromised, you just have to generate new shares of the private key and then keep them again in remote locations. No need to make any transactions.

PreviousConflict between trusted parties should not result in unauthorized accessNextHow is Shamir Secret Sharing implemented within Cypherock X1

Last updated 2 years ago

Was this helpful?